VulnerableCode Package Details - pkg:deb/debian/nova@2012.1~e1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-e1f1-xt6n-rqfp	OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.	CVE-2011-4076 GHSA-vcmv-6rxx-fh7r
VCID-wvc4-8zmb-6ucg	Openstack nova qcow format could expose host filesystem information Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.	CVE-2011-3147 GHSA-hqfx-4x4w-vmwp

Vulnerability

Summary

Aliases

VCID-e1f1-xt6n-rqfp

OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.

CVE-2011-4076
GHSA-vcmv-6rxx-fh7r

VCID-wvc4-8zmb-6ucg

Openstack nova qcow format could expose host filesystem information Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.

CVE-2011-3147
GHSA-hqfx-4x4w-vmwp

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:49:59.992608+00:00	Debian Importer	Fixing	VCID-wvc4-8zmb-6ucg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:47:23.411260+00:00	Debian Importer	Fixing	VCID-e1f1-xt6n-rqfp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:14:44.488944+00:00	Debian Importer	Fixing	VCID-wvc4-8zmb-6ucg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:17.434368+00:00	Debian Importer	Fixing	VCID-e1f1-xt6n-rqfp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:47:27.020396+00:00	Debian Importer	Fixing	VCID-e1f1-xt6n-rqfp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:47:26.967499+00:00	Debian Importer	Fixing	VCID-wvc4-8zmb-6ucg	https://security-tracker.debian.org/tracker/data/json	38.1.0